CVE-2024-27010

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-05205-g77fadd89fe2d-dirty #213

Description The issue arises when the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to itself, resulting in a qdisc lock deadlock. This can be recreated using specific tc qdisc and filter commands on devices such as eth0 and eth1. The deadlock occurs due to a possible recursive locking scenario where the task tries to acquire a lock it already holds. To fix this, an owner field (CPU id) is added to struct Qdisc after the root qdisc is entered, and if the softirq enters a second time with the same CPU as the qdisc owner, the packet is dropped to break the loop.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the mirred deadlock on device recursion. Specifically, ensure that the kernel version is later than 6.8.0-05205-g77fadd89fe2d-dirty #213. As a temporary workaround, consider avoiding the use of the mirred action on classful egress qdisc when packets are mirrored or redirected to themselves, or apply the patch that adds the owner field to struct Qdisc manually if updating the kernel is not immediately feasible.